"Randon" threatens port 445! (Security).

A new blended worm/trojan threat appears. Kaspersky Labs reports registered infections at the hands of the new network worm "Randon" and has already received several incident reports from both Russia and the Netherlands connected with this malicious program. "Randon" spreads via IRC (Internet Relay Chat) channels and local area networks and infects computers running Windows 2000 and Windows XP.

To penetrate computer systems, the worm registers itself in the IRC server (or local area network), scans for all present users, connects to victim computers via port 445 and attempts to gain access by using a fixed list of the most commonly used passwords. When "Randon" manages to break in, it proceeds to transmit to this system the Trojan program "Apher", which then, from a remote web site, loads the worm's remaining components (a total of 13 files, including a full-fledged mIRC client for work with IRC channels). Randon installs its components to the Windows system directory, registers its main file and the mIRC client in the Windows registry auto-run key, and then executes them.

To keep its activities secret, it uses a special utility called "HideWindows", which is also part of the worm. "HideWindows" renders the worm invisible to victims, and its active processes can only be detected in the Windows task manager.

Comment: Fortunately, "Randon" does not carry out any destructive functions. Collateral effects on infected machines include a high volume of redundant or excess traffic and the overflow of IRC channels. To defend against this worm it is enough to load an updated anti-virus program, install a personal firewall or use long access passwords. A more detailed description of the "Randon" worm can be found by visiting www.kaspersky.com/
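The spreading pattern described above, one machine connecting to many others on port 445 in a short time, is visible in ordinary connection logs. The sketch below is an added example, not part of the original article or of any Kaspersky tool; the log format, addresses, time window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample connection log: timestamp, source, destination, dest port.
# The format, dates and addresses are invented for this example.
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.23 10.0.0.5 445
2024-05-01T09:00:03 10.0.0.23 10.0.0.6 445
2024-05-01T09:00:04 10.0.0.40 10.0.0.5 445
2024-05-01T09:00:06 10.0.0.23 10.0.0.7 445
2024-05-01T09:00:09 10.0.0.23 10.0.0.8 445
2024-05-01T09:00:10 10.0.0.40 10.0.0.5 445
2024-05-01T09:00:12 10.0.0.23 10.0.0.9 445
2024-05-01T09:00:15 10.0.0.23 10.0.0.10 445
2024-05-01T09:05:00 10.0.0.41 10.0.0.5 445
2024-05-01T09:25:00 10.0.0.41 10.0.0.6 445
2024-05-01T09:45:00 10.0.0.41 10.0.0.7 445
garbage line
"""

def parse(log):
    """Yield (time, src, dst, port) tuples; malformed lines are skipped."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], int(parts[3])

def smb_fanout(events, port=445, window=timedelta(seconds=60), threshold=5):
    """Map each source to the largest number of distinct destinations it
    contacted on `port` inside one sliding window, if that reaches `threshold`."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still inside the window
    flagged = {}
    for ts, src, dst, dport in sorted(events):
        if dport != port:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(smb_fanout(parse(SAMPLE_LOG)))
```

A client that repeatedly uses one file server (10.0.0.40) and a host whose connections are spread over a long period (10.0.0.41) stay below the threshold; only the fast fan-out from 10.0.0.23 is reported.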